Web Design and Security


Bryan Adams may have been buying his first real six string in the summer of ’69, but something more groundbreaking, earth-shattering, or even awe-inspiring also took place that year. The first “node-to-node” communication between computers took place, delivering the single-word message “LOGIN”. Fast forward 22 years and this communication between systems has grown bigger than Grandpa Charlie’s stomach after a Christmas feast. And, just as good ol’ Papa Charlie would loosen his belt to make room for more, the World Wide Web removed limitations, allowing anyone to access information on the Internet as well as set up web pages of their own, launching the new age of e-commerce. Those static pages of yore, although pretty gosh darn impressive at the time, have recently made way for full-blown web applications. These web applications are awesomely dynamic, undeniably rich, and riddled with security risks. Web applications ROCK!!! Wait… What? That’s right, can you say “vulnerabilities”, boys and girls? I knew you could.
Interestingly enough, the Internet was conceived as a way to keep long-distance communications intact in the event that a missile attack destroyed the network of telephone systems. Today attacks are still a major concern, and they are happening to gain access to the data that you are passing back and forth between you and your clients. In general, web application developers are doing what they can to incorporate security into their projects, but honestly, it is not at the forefront of the end user’s mind. Let’s be honest: when you go into your web guy’s office and say, “I need a site with a form to collect this and that, so I can give my clients this, that, and the other”, your initial requirements are that it has to work, and it has to look good while it is working. To an extent, that should be OK, as you rely on your web developer to address concerns such as injections, cross-site scripting, and the like, which you probably aren’t even aware exist.
What’s that you say? You use WordPress templates and therefore security is not a concern? Au contraire, mon frère! Indeed, the foundations of management systems such as WordPress are quite secure; however, third-party plugins may have fallen short somewhere. If you are interested in developing plugins, there is a nice handbook written by the WordPress team that covers plugin security. So, what? Now I must become a security professional? Of course you do. Shouldn’t everybody?!? Just kidding. My point in this post is not to give the Department of Homeland Security their next golden child, but rather to make non-professionals aware that these security concerns are quite real and that they should be addressed in your project. Make it a part of your requirements that security is integrated into the development of your website or web application, and ultimately help take that proverbial bite out of cybercrime.
Written by: Simon
Posted on: June 29, 2018
Found in: Web Design